Considering the following scenario:
I have an MVC web application written in asp.net 4.5 that is using forms authentication.
For authenticating the current user, I am calling a web service method which tells me if the login is valid and if it is I am setting the identity on the web application after getting the response from the web service.
My problem now is that I want to be able to identify the user in both the MVC web application as well as on the back-end services when the user places the calls, would prefer doing this from configuration if possible.
Another concern is where should I create the session token and do session management? Don't want my authentication method being called on every single request, so I suppose I need a session token caching mechanism and also don't want to set the credentials for the proxy on every request, if possible I want this to be done from configuration, is it possible using WIF and if so how?
What would be considered a good approach on implementing this?